#!/bin/bash

# 当前SELinux模式
if [ "$(getenforce 2>/dev/null)" = "Enforcing" ]; then
    echo "[+] 当前SELinux模式为Enforcing"
else
    echo "[-] 当前SELinux模式不是Enforcing"
fi

# 配置文件模式
if grep -q '^SELINUX=enforcing' /etc/selinux/config; then
    echo "[+] 配置文件为enforcing"
else
    echo "[-] 配置文件未设置为enforcing"
fi

# 策略类型
if grep -q '^SELINUXTYPE=targeted' /etc/selinux/config; then
    echo "[+] 策略类型为targeted"
else
    echo "[-] 策略类型未设置为targeted"
fi
